VARIoT IoT vulnerabilities database
| VAR-201612-0367 | CVE-2016-9205 | Cisco IOS XR Software HTTP 2.0 request handling code denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XR Software is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCvb14425
| VAR-201612-0645 | No CVE | Tenda/Dlink/TP-LINK TD-W8961ND 'DHCP' Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Tenda/Dlink/TP-LINK are router manufacturers that have released many types of router products. A cross-site scripting vulnerability exists in the 'DHCP' function of the Tenda/Dlink/TP-LINK TD-W8961ND. It allows an attacker to inject malicious script code on the application side to manipulate the router DHCP hostname.
| VAR-201704-0412 | CVE-2016-6915 | Stack-based buffer overflow vulnerability in nvhost_job.c in multiple NVIDIA products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. nvhost_job.c in multiple NVIDIA products contains a stack-based buffer overflow vulnerability. It can cause a stack-based buffer overflow. Google Nexus is prone to multiple local privilege-escalation vulnerabilities.
Local attackers can exploit these issues to gain elevated privileges.
These issues are being tracked by Android bug IDs A-31471161, A-32072350, and A-32072253. An attacker could exploit this vulnerability to cause a system crash or execute arbitrary code.
| VAR-201704-0414 | CVE-2016-6917 | Buffer overflow vulnerability in nvhost_job.c in multiple NVIDIA products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. nvhost_job.c in multiple NVIDIA products contains a buffer overflow vulnerability. It may cause a buffer overflow. Google Nexus is prone to multiple local privilege-escalation vulnerabilities.
Local attackers can exploit these issues to gain elevated privileges.
These issues are being tracked by Android bug IDs A-31471161, A-32072350, and A-32072253. Attackers can exploit this vulnerability to cause system crashes.
| VAR-201704-0413 | CVE-2016-6916 | Integer overflow vulnerability in nvhost_job.c in multiple NVIDIA products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow. nvhost_job.c in multiple NVIDIA products contains an integer overflow vulnerability. A local user may induce a buffer overflow, resulting in a denial of service (system crash). Google Nexus is prone to multiple local privilege-escalation vulnerabilities.
Local attackers can exploit these issues to gain elevated privileges.
These issues are being tracked by Android bug IDs A-31471161, A-32072350, and A-32072253. An integer overflow vulnerability exists in the nvhost_job.c file of several NVIDIA products. An attacker could exploit this vulnerability to cause a denial of service (system crash).
| VAR-201702-0416 | CVE-2016-5782 | Sauter NovaWeb Web HMI Authentication Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: 8.6 Severity: HIGH |
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request. Sauter is a leading provider of construction, room automation, energy management and equipment management. The Sauter NovaWeb Web HMI has a certification bypass vulnerability that an attacker can use to bypass security restrictions and perform unauthorized operations.
An attacker may leverage this issue to inject and execute arbitrary commands. Sauter NovaWeb Web HMI is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. are the Web-based data acquisition systems of Locus Energy Corporation in the United States
| VAR-201702-0923 | CVE-2016-9337 | Tesla Model S Gateway ECU Command injection vulnerability |
CVSS V2: 4.0 CVSS V3: 6.8 Severity: MEDIUM |
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection. Tesla Gateway ECU is prone to a command-injection vulnerability.
An attacker may leverage this issue to inject arbitrary commands.
Versions prior to Tesla Gateway ECU 7.1 (2.36.31) are vulnerable. Tesla Motors Gateway ECU is a set of firmware used by Tesla Motors (Tesla) in the United States to manage cars and provide driving functions
| VAR-201701-0297 | CVE-2016-6757 | Information disclosure vulnerability in Qualcomm components including camera and video drivers |
CVSS V2: 2.6 CVSS V3: 4.7 Severity: MEDIUM |
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821. This vulnerability is published as Android ID: A-30148242 and Qualcomm QC-CR#1052821. Data outside the privilege level may be accessed through malicious local applications. Google Nexus is prone to multiple information-disclosure vulnerabilities.
Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks.
These issues are being tracked by Android Bug IDs A-29464815 and A-30148242.
| VAR-201701-0296 | CVE-2016-6756 | Information disclosure vulnerability in Qualcomm components including camera and video drivers |
CVSS V2: 2.6 CVSS V3: 4.7 Severity: MEDIUM |
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. This vulnerability is published as Android ID: A-29464815 and Qualcomm QC-CR#1042068. Data outside the privilege level may be accessed through malicious local applications. Google Nexus is prone to multiple information-disclosure vulnerabilities.
Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks.
These issues are being tracked by Android Bug IDs A-29464815 and A-30148242.
| VAR-201701-0295 | CVE-2016-6755 | Elevation of privilege vulnerability in Qualcomm camera driver |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. A security vulnerability exists in the Qualcomm camera driver. Google Nexus is prone to a privilege-escalation vulnerability.
| VAR-201706-0097 | CVE-2016-7822 | WNC01WH vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a cross-site request forgery vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If a user views a malicious page while logged-in, unintended operations may be conducted. Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information.
Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group. A remote attacker could exploit this vulnerability to perform unauthorized operations
| VAR-201706-0098 | CVE-2016-7823 | WNC01WH vulnerable to stored cross-site scripting |
CVSS V2: 2.3 CVSS V3: 4.3 Severity: MEDIUM |
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the logged-in user's web browser. Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information.
Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
| VAR-201706-0099 | CVE-2016-7824 | WNC01WH vulnerable to enabling debug option |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may enable the debug option. Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information.
Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group. An attacker could exploit this vulnerability to bypass access restrictions and enable debugging options
| VAR-201706-0100 | CVE-2016-7825 | WNC01WH vulnerable to directory traversal due to an issue in processing commands |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may obtain arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information.
Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
| VAR-201706-0070 | CVE-2016-7826 | WNC01WH vulnerable to directory traversal due to an issue in processing POST request |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may delete arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information.
Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
| VAR-201706-0096 | CVE-2016-7821 | WNC01WH vulnerable to denial-of-service (DoS) |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a denial-of-service (DoS) vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If a user views a malicious page while logged-in, the user may not be able to access the management screen. An attacker could exploit the vulnerability to cause a denial of service. Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information.
Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable
| VAR-201703-0263 | CVE-2016-7542 | FortiOS vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. FortiOS contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiOS is prone to a local information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Fortinet FortiOS 5.2.0 through 5.2.9 and 5.4.1 are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. A security vulnerability exists in Fortinet FortiOS 5.2.x prior to 5.2.10 GA and 5.4.x prior to 5.4.2 GA. An attacker could exploit this vulnerability to gain permission to write and read hashes of administrator passwords, and possibly decipher passwords.
| VAR-201702-0852 | CVE-2016-9349 | Advantech SUSIAccess Server Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of downloadCSV.jsp. When parsing the file element, the process fails to properly validate a user-supplied path prior to using it in file operations. SUSIAccess is an easy-to-use remote device management software solution. Advantech SUSIAccess Server is a set of Advantech's Platform as a Service (PaaS) products for cloud and Internet of Things (IoT) devices.
| VAR-201702-0853 | CVE-2016-9351 | Advantech SUSIAccess Server Directory Traversal Vulnerability |
CVSS V2: 6.0 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servlet upload function. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. SUSIAccess is an easy-to-use remote device management software solution. Advantech SUSIAccess Server is a set of Advantech's Platform as a Service (PaaS) products for cloud and Internet of Things (IoT) devices.
A directory traversal vulnerability exists in Advantech SUSIAccess Server 3.0 and earlier.
An attacker can exploit these issues using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory or obtain sensitive information and perform other attacks.
| VAR-201704-1019 | CVE-2016-8779 | Huawei FusionAccess vulnerability in which important information is obtained from databases |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. Huawei FusionAccess is prone to a command-injection vulnerability.
An attacker may leverage this issue to inject arbitrary commands and obtain sensitive information. Huawei FusionAccess is a desktop management system of Huawei's FusionCloud desktop cloud solution developed by Huawei of China. The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface. A command injection vulnerability exists in Huawei FusionAccess.